Hacking question...hacking gurus step inside.

  • RayVega
    Confirmed User
    • Jul 2004
    • 4212

    #1

    Ok, check this out.
    Our computer system is being hacked. It is a password protected area for brokers (mainstream). It appears that someone is hitting the response form and since they are not under a broker's ID, it is trying to send the response to a non-existent broker.

    Am I correct about this, and how should I stop it? Advice anyone?

    LOG:
    [23/JUNE/2008 01:30:19] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
    [23/JUNE/2008 01:30:22] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
    [23/JUNE/2008 01:30:28] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
    [23/JUNE/2008 01:30:30] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
    [23/JUNE/2008 01:30:34] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
    [23/JUNE/2008 01:30:36] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
    Ray "The Don" Vega

    Managing Director
    Private Equity Fund

    [email protected]
  • HorseShit
    Too lazy to set a custom title
    • Dec 2004
    • 17513

    #2
    uh that doesn't look like a hack attempt

    • Dirty F
      Too lazy to set a custom title
      • Jul 2001
      • 59204

      #3
      Well you got his IP address.
      127.0.0.1 <--- very evil, used by lots of hackers.
      Ask your host to block 127.0.0.1

      • ladida
        Confirmed User
        • Nov 2005
        • 2179

        #4
        Your script is attacking you. Uber eleet hacking is going on
        agentGFY *at* gmail.com

        • Iron Fist
          Too lazy to set a custom title
          • Dec 2006
          • 23400

          #5
          Originally posted by ladida
          Your script is attacking you. Uber eleet hacking is going on
          i like waffles

          • DamianJ
            Too lazy to set a custom title
            • Jul 2006
            • 15808

            #6
            There's no place like 127.0.0.1

            • Chris
              Too lazy to set a custom title
              • May 2003
              • 27880

              #7
              I can't hack my way out of a paper bag and to me that looks like your computer is doing it
              [email protected]

              • V_RocKs
                Damn Right I Kiss Ass!
                • Nov 2003
                • 32449

                #8
                Would need a link to your form...

                • Jens Van Assterdam
                  The Dupre Pimp
                  • Feb 2008
                  • 6677

                  #9
                  Originally posted by DamianJ
                  There's no place like 127.0.0.1
                  no shit
                  Read TOS for signature rules

                  • Phoenix
                    BACON BACON BACON
                    • Nov 2002
                    • 35475

                    #10
                    hello fbi....i just wanted to say hello
                    Telegram PhoenixBrad
                    https://quantads.io

                    • StuartD
                      Sofa King Band
                      • Jul 2002
                      • 29903

                      #11
                      http://www.thinkgeek.com/tshirts/generic/5d6a/?cpg=ab
                      This is me on facebook
                      This is me on twitter

                      • RayVega
                        Confirmed User
                        • Jul 2004
                        • 4212

                        #12
                        Thanks guys. So there is a possibility that it is just a bug in the form submission script and not a hack at all? This shit is driving me nuts...every few days the server goes down and we lose the last few days of data.
                        Ray "The Don" Vega

                        Managing Director
                        Private Equity Fund

                        [email protected]

                        • woj
                          <&(©¿©)&>
                          • Jul 2002
                          • 47882

                          #13
                          Originally posted by DamianJ
                          There's no place like 127.0.0.1
                          Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
                          Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
                          Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

                          • RayVega
                            Confirmed User
                            • Jul 2004
                            • 4212

                            #14
                            bump bump
                            Ray "The Don" Vega

                            Managing Director
                            Private Equity Fund

                            [email protected]

                            • StuartD
                              Sofa King Band
                              • Jul 2002
                              • 29903

                              #15
                              Originally posted by RayVega
                              Thanks guys. So there is a possibility that it is just a bug in the form submission script and not a hack at all? This shit is driving me nuts...every few days the server goes down and we lose the last few days of data.
                              I'd start checking your automated scripts. Anything that is supposed to run on its own.
                              This is me on facebook
                              This is me on twitter

                              • 2MuchMark
                                Mark of 2Much.net
                                • Aug 2004
                                • 50977

                                #16
                                Originally posted by RayVega
                                Ok, check this out.
                                Our computer system is being hacked. It is a password protected area for brokers (mainstream). It appears that someone is hitting the response form and since they are not under a broker's ID, it is trying to send the response to a non-existent broker.

                                Am I correct about this, and how should I stop it? Advice anyone?

                                LOG:
                                [23/JUNE/2008 01:30:19] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
                                [23/JUNE/2008 01:30:22] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
                                [23/JUNE/2008 01:30:28] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
                                [23/JUNE/2008 01:30:30] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
                                [23/JUNE/2008 01:30:34] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
                                [23/JUNE/2008 01:30:36] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
                                Hi Ray -

                                You're not being hacked.

                                The IP Address 127.0.0.1 is your local machine that is running this script. (hence the "home" jokes). The messages above are trying to tell you that This Local Machine cannot send the message because the recipient is unknown. (Wrong email address).

                                That's all - no hackers are doing anything nasty to you.

                                Cheers!

                                • munki
                                  Do Fun Shit.
                                  • Dec 2004
                                  • 13393

                                  #17
                                  Originally posted by DamianJ
                                  There's no place like 127.0.0.1
                                  I still want that shirt...

                                  “I have the simplest tastes. I am always satisfied with the best.” -Oscar Wilde

                                  • sumphatpimp
                                    Confirmed User
                                    • Aug 2002
                                    • 5235

                                    #18
                                    you should do a whois on that 127.0.0.1 and see where he lives then go over his place and fuck his ass up good. he fucked with me a few years ago but I found him and beat the living shit out of him with baseball bat. I fucked him up good, he went to the hospital and all.
                                    now this fucker at 192.1683.0.3 is fucking with me, guess I will have to go over his place and straighten out that sonuvabitch too!
                                    I am telling you. being a webmaster ain't easy!

                                    • RayVega
                                      Confirmed User
                                      • Jul 2004
                                      • 4212

                                      #19
                                      Very funny guys...I am very well aware that 127.0.0.1 is the local machine. The problem is that someone or something is triggering it to attempt to send an email every few minutes and in some cases several times a second. This is not a regular user trying to use the form improperly causing an error message, this is either a crazy loop, DOS attack, or attempt to use the form to spam. The attempts are crashing the system.

                                      The way the scripts were designed, the main script (script one) passes info to script two to send the form results to several people...therefore my thoughts on this could be that someone (or a bot they use) are trying to use script number two to send out email to targets so it is untraceable to them, they are using script number two to attempt a DOS attack on someone, or it's just a bug that loops causing the scripting engine to blow up.

                                      problem is that I am not familiar enough with ASP (or the windows web server platform). If the script was in PERL or PHP on a linux box for example, the issue would be resolved already.
                                      Ray "The Don" Vega

                                      Managing Director
                                      Private Equity Fund

                                      [email protected]
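
Added example, not part of any post in this thread: a small Python triage of the mail log quoted in the first post. It shows the two things the entries can actually establish: the "recipient" is the literal string `</script>` rather than an address, and every attempt comes from loopback, so the mail log cannot say who submitted the form. The function names and the 60-second window are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# The six entries from the first post, as they appear on the page
# (the sender address is already redacted there).
SAMPLE_LOG = "\n".join(
    f"[23/JUNE/2008 01:30:{s}] Attempt to deliver to unknown recipient "
    "</script>, from <[email protected]>, IP address 127.0.0.1"
    for s in ("19", "22", "28", "30", "34", "36")
)

MONTHS = {m: i + 1 for i, m in enumerate(
    "JANUARY FEBRUARY MARCH APRIL MAY JUNE JULY AUGUST SEPTEMBER OCTOBER "
    "NOVEMBER DECEMBER".split())}
LINE_RE = re.compile(
    r"^\[(\d{1,2})/([A-Za-z]+)/(\d{4}) (\d{2}):(\d{2}):(\d{2})\] "
    r"Attempt to deliver to unknown recipient (.*), "
    r"from <([^>]*)>, IP address (\S+)$")
# Loose shape check only: something@something.tld with no markup characters.
ADDRESS_RE = re.compile(r"^[^@\s<>]+@[^@\s<>]+\.[^@\s<>]+$")


def parse_line(line):
    """Return one log entry as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(2).upper() not in MONTHS:
        return None
    day, mon, year, hh, mm, ss, rcpt, sender, ip = m.groups()
    try:
        ts = datetime(int(year), MONTHS[mon.upper()], int(day),
                      int(hh), int(mm), int(ss))
    except ValueError:
        return None
    return {"ts": ts, "recipient": rcpt, "sender": sender, "ip": ip}


def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def busiest_window(times, window=timedelta(seconds=60)):
    """Largest number of events that fall inside any one sliding window."""
    times, best, start = sorted(times), 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def triage(log_text):
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    times = sorted(e["ts"] for e in events)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    bad = Counter(e["recipient"] for e in events
                  if not ADDRESS_RE.match(e["recipient"]))
    return {
        "events": len(events),
        # Loopback source: the web script on the same box handed mail over.
        "all_loopback": bool(events) and all(is_loopback(e["ip"]) for e in events),
        "non_address_recipients": dict(bad),
        "markup_in_recipient": any("<" in r or ">" in r for r in bad),
        "max_per_minute": busiest_window(times),
        "min_gap_seconds": min(gaps) if gaps else None,
    }
```

Because the source is loopback, the next place to look is the web server's access log for requests to the form scripts at the same timestamps.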

                                      • RayVega
                                        Confirmed User
                                        • Jul 2004
                                        • 4212

                                        #20
                                        Anyone recommend someone to go in and fix it (without spending a fortune)? I don't have the time to debug it.
                                        Ray "The Don" Vega

                                        Managing Director
                                        Private Equity Fund

                                        [email protected]

                                        • sumphatpimp
                                          Confirmed User
                                          • Aug 2002
                                          • 5235

                                          #21
                                          problem is that I am not familiar enough with ASP (or the windows web server platform). If the script was in PERL or PHP on a linux box for example, the issue would be resolved already.

                                          Ray, as a suggestion, maybe you should start a thread "Need Windows programmer" and then work from there. may get you better results.

                                          • RayVega
                                            Confirmed User
                                            • Jul 2004
                                            • 4212

                                            #22
                                            Originally posted by sumphatpimp
                                            problem is that I am not familiar enough with ASP (or the windows web server platform). If the script was in PERL or PHP on a linux box for example, the issue would be resolved already.

                                            Ray, as a suggestion, maybe you should start a thread "Need Windows programmer" and then work from there. may get you better results.
                                            Yes, I'll post later when more people are online...I really wanted some opinions as to what it was (ex. whether it is an attack or a script bug). Seems that it looks like a script bug and not an attack after all.
                                            Ray "The Don" Vega

                                            Managing Director
                                            Private Equity Fund

                                            [email protected]

                                            • ladida
                                              Confirmed User
                                              • Nov 2005
                                              • 2179

                                              #23
                                              Originally posted by RayVega
                                              The way the scripts were designed, the main script(script one) passes info to script two to send the form results to several people.
                                              DingDing..

                                              Your scripts are attacking you man. I told you already. Get a programmer to debug that for you, and stop with hacking theories, they remind me of hollywood movies
                                              agentGFY *at* gmail.com

                                              • psili
                                                Confirmed User
                                                • Apr 2003
                                                • 5526

                                                #24
                                                If the scripts were running, unchanged, for a period of time without issue, it could be external. If the scripts were implemented and the problem arose soon after, it's probably a script issue.

                                                Just my $.02 on where to start debugging.
                                                Your post count means nothing.

                                                • RayVega
                                                  Confirmed User
                                                  • Jul 2004
                                                  • 4212

                                                  #25
                                                  Originally posted by ladida
                                                  DingDing..

                                                  Your scripts are attacking you man. I told you already. Get a programmer to debug that for you, and stop with hacking theories, they remind me of hollywood movies
                                                  um...yea...I think we ascertained that almost right away. But it doesn't mean it's definitely what it is. Thanks for the help though.
                                                  Ray "The Don" Vega

                                                  Managing Director
                                                  Private Equity Fund

                                                  [email protected]

                                                  • RayVega
                                                    Confirmed User
                                                    • Jul 2004
                                                    • 4212

                                                    #26
                                                    Originally posted by psili
                                                    If the scripts were running, unchanged, for a period of time without issue, it could be external. If the scripts were implemented and the problem arose soon after, it's probably a script issue.

                                                    Just my $.02 on where to start debugging.
                                                    Well, I just took over the problem. I didn't even know it was happening until recently. IT just restored the server every time without saying anything. Apparently, it has been doing it for a long time, like once a month, but it is getting worse and worse, now it crashes twice a day.
                                                    Ray "The Don" Vega

                                                    Managing Director
                                                    Private Equity Fund

                                                    [email protected]

                                                    • _Richard_
                                                      Too lazy to set a custom title
                                                      • Oct 2006
                                                      • 30991

                                                      #27
                                                      Originally posted by DamianJ
                                                      There's no place like 127.0.0.1

                                                      • RayVega
                                                        Confirmed User
                                                        • Jul 2004
                                                        • 4212

                                                        #28
                                                        OK, well check this out...while this log file explosion is taking place, different websites show in the status bar, and these sites whois back to places like Bulgaria, etc.

                                                        In other words, while you are trying to go to the site, and it is hanging up trying to load, it says in the status bar "loading www.bulgariasite.com" instead of "loading www.mysite.com". It is a different Russian or Bulgarian site every time and the URL is registered but the site doesn't exist. Also, it is not putting my entire site into a giant iframe, I checked to see if that was the case, so how in the hell could another site name come up?

                                                        What in the hell would cause that?
                                                        Ray "The Don" Vega

                                                        Managing Director
                                                        Private Equity Fund

                                                        [email protected]
